What should happen if no transformation applies?

There are several options if no regex or value can be transformed/ replaced:

Use untransformed values
The values are processed as sent by the identity provider.
Ignore the attribute
The attribute will be ignored and will not be updated/ saved for this user.
Existing values will not be changed.
Clear the attribute value
Only the attributes that could be transformed are assigned, all other values are being removed.
For example, the identity provider sends three groups "A", "B" and "C" and only "C" is transformed, "A" and "B" are being removed.
If the identity provider sends three groups "A", "B" and "C" and no transformation applies for these, none will be assigned.
Filter the user
The user will be filtered if no transformation rule is applied. In the context of SAML SSO, authentication will for this user fails.
In the context of UserSync, the user will not be synced or the cleanup behaviour is applied if the user existed already.
The below depicts a User Sync connector's Sync Settings tab with the cleanup behavior which is always only applied at the end of a full synchronization.

SAML Single Sign-On is available for Atlassian Server & Atlassian Data Center products. Our Jira Data Center, Confluence Data Center, Bitbucket Data Center, Jira Server, Confluence Server, Bitbucket Server and other apps are all available on the Atlassian Marketplace.